[pacman-dev] [PATCH v2] makepkg: add PACMAN_AUTH configurable setting for sudo elevation

Eli Schwartz eschwartz at archlinux.org
Mon Apr 5 21:26:07 UTC 2021


If specified, this will be used no matter what. If not, then we check if
sudo exists and use that, or else fall back on su.

Implements FS#32621

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
---

v2:
- skip checking if sudo exists, when PACMAN_AUTH is set. In this case we
  never try to check/use sudo, so don't warn when it doesn't exist.
- use %c instead of %q

Based on discussion in IRC, we've decided to *not* have graceful fallback on
sudo, if PACMAN_AUTH is intentionally set by the user and cannot be found on
the system. So the basic precedence from the original patch is retained.

 doc/makepkg.conf.5.asciidoc              |  8 ++++++++
 etc/makepkg.conf.in                      |  7 +++++++
 scripts/libmakepkg/executable/sudo.sh.in |  2 +-
 scripts/makepkg.sh.in                    | 13 ++++++++++---
 4 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/doc/makepkg.conf.5.asciidoc b/doc/makepkg.conf.5.asciidoc
index 3538f2328..3f8093b12 100644
--- a/doc/makepkg.conf.5.asciidoc
+++ b/doc/makepkg.conf.5.asciidoc
@@ -279,6 +279,14 @@ Options
 	`.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`, or
 	simply `.tar` to disable compression entirely.
 
+**PACMAN_AUTH=()**::
+	Specify a command prefix for running pacman as root. If unset, makepkg will
+	check for the presence of sudo(8) and su(1) in turn, and try the first one
+	it finds.
+	+
+	If present, `%c` will be replaced with the shell-quoted form of the command
+	to run. Otherwise, the command to run is appended to the auth command.
+
 
 
 See Also
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index 49bcf3a3a..aae266008 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -147,3 +147,10 @@ COMPRESSLZ=(lzip -c -f)
 #
 PKGEXT='@PKGEXT@'
 SRCEXT='@SRCEXT@'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+PACMAN_AUTH=()
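Review bot: The new comment above `PACMAN_AUTH=()` does not say that the setting is an array or mention the `%c` placeholder, so someone reading makepkg.conf alone cannot tell how to write an entry for a tool that takes the command as a single string. Extend it along the lines of `#-- Array; '%c' is replaced with the shell-quoted pacman command, otherwise the command is appended`. Since this value prefixes every pacman call that needs root, it would also help to state that leaving the array empty keeps the existing sudo-then-su behaviour.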
diff --git a/scripts/libmakepkg/executable/sudo.sh.in b/scripts/libmakepkg/executable/sudo.sh.in
index 9e50a76b2..524fe0c93 100644
--- a/scripts/libmakepkg/executable/sudo.sh.in
+++ b/scripts/libmakepkg/executable/sudo.sh.in
@@ -29,7 +29,7 @@ executable_functions+=('executable_sudo')
 
 executable_sudo() {
     if (( DEP_BIN || RMDEPS || INSTALL )); then
-        if ! type -p sudo >/dev/null; then
+        if (( ${#PACMAN_AUTH[@]} == 0 )) && ! type -p sudo >/dev/null; then
             warning "$(gettext "Cannot find the %s binary. Will use %s to acquire root privileges.")" "sudo" "su"
         fi
     fi
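Review bot: When PACMAN_AUTH is set, this check now passes without verifying anything, so a misspelled or uninstalled auth command is only discovered when run_pacman first tries to elevate, which may be well into a build. The v2 notes say there is deliberately no fallback to sudo in that case, which makes the executable check the natural place to fail early. Add a separate branch such as `if (( ${#PACMAN_AUTH[@]} )) && ! type -p "${PACMAN_AUTH[0]}" >/dev/null; then` that reports the missing binary through `error` and returns non-zero. The end of executable_sudo lies outside this hunk, so how the function reports failure today is not visible here.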
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index c299da62d..5c5334474 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -227,15 +227,22 @@ missing_source_file() {
 }
 
 run_pacman() {
-	local cmd
+	local cmd cmdescape
 	if [[ $1 = -@(T|Q)*([[:alpha:]]) ]]; then
 		cmd=("$PACMAN_PATH" "$@")
 	else
 		cmd=("$PACMAN_PATH" "${PACMAN_OPTS[@]}" "$@")
-		if type -p sudo >/dev/null; then
+		cmdescape="$(printf '%q ' "${cmd[@]}")"
+		if (( ${#PACMAN_AUTH[@]} )); then
+			if in_array '%c' "${PACMAN_AUTH[@]}"; then
+				cmd=("${PACMAN_AUTH[@]/\%c/$cmdescape}")
+			else
+				cmd=("${PACMAN_AUTH[@]}" "${cmd[@]}")
+			fi
+		elif type -p sudo >/dev/null; then
 			cmd=(sudo "${cmd[@]}")
 		else
-			cmd=(su root -c "$(printf '%q ' "${cmd[@]}")")
+			cmd=(su root -c "$cmdescape")
 		fi
 		local lockfile="$(pacman-conf DBPath)/db.lck"
 		while [[ -f $lockfile ]]; do
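Review bot: The `%c` detection and the `%c` substitution in run_pacman do not agree: `in_array '%c'` presumably succeeds only when one element is exactly `%c`, while `${PACMAN_AUTH[@]/\%c/$cmdescape}` rewrites the first `%c` substring in every element. A setting that embeds the placeholder inside a longer argument would fall through to the append branch and run with a literal `%c`, and an unrelated element containing `%c` would be rewritten whenever a bare `%c` element is also present. Pick one rule for both, for example test with `[[ "${PACMAN_AUTH[*]}" = *%c* ]]` if substring replacement is intended. The replacement should likely also be quoted, `cmd=("${PACMAN_AUTH[@]/\%c/"$cmdescape"}")`, because bash versions with the `patsub_replacement` option reinterpret `&` and `\&` in an unquoted replacement, which would undo the `%q` escaping of a command that ends up running as root. run_pacman continues past the end of this hunk.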
-- 
2.31.1

